Aberdeen Proving Ground, Md. — The U.S. Army Communications-Electronics Command Software Engineering Center took a major step forward in ensuring command, control, communications, computers, cyber, intelligence, surveillance and reconnaissance systems — Soldiers’ eyes and ears on the battlefield — are protected against the latest cyber threats.
Oct. 1, SEC launched the CECOM Software Repository, a one-stop-shop for the Army software community to quickly and easily access updates and cyber patches for more than 70 C5ISR systems. Created in partnership with the Defense Information Systems Agency, the repository consolidates more than 10 previous web locations that previously housed these updates.
“Today nearly every Army weapon and communications system is running on software,” said Dan Woolley, CECOM chief engineer for the Technical Initiatives Division. “That means it’s critical for us to reduce the risk of units fighting with outdated and vulnerable platforms, and the repository is a key stepping stone toward achieving that goal.”
E-patching initiative
The repository was born out of the SEC’s recent focus on improving Army software readiness: ensuring units are ready to fight and win on the 21st-century, cyber-intensive battlefield. As part of its software readiness efforts, over the last several years SEC increased its use of electronic software patching. This delivery method is quicker and more secure than the SEC’s historical practice of manually mailing updates to Army units on physical media, such as CDs.
Although not all SEC-supported systems are capable of being e-patched due to bandwidth and other constraints, today the center is doing so for as many systems as possible. However, increased e-patching led to a secondary challenge of multiple and sometimes duplicative websites housing C5ISR software updates. Even with electronic delivery, this could make updating software cumbersome and confusing for users responsible for multiple systems.
User focus
To address the challenge, SEC began creating the common repository in late 2019, working closely with DISA and the U.S. Army Forces Command G-6 office. According to Woolley, ease of use was a key consideration. The interface is designed to be intuitive to navigate, requiring no more than two to three clicks for users to find what they need. In addition, the repository provides an easy way for users to simply determine the latest software baseline for any particular system.
“We took a very deliberate approach to make the repository user-centered and simple,” Woolley said. “A big part was user feedback driving changes — it was an iterative process.”
To ensure the repository was Soldier-focused, the SEC conducted a two-week pilot program with the 101st Airborne Division in July 2020 before the platform became available Army-wide. User feedback was very positive and helped drive several changes, Woolley said. The SEC is also considering additional pilots with targeted units to further refine the repository as the user base grows.
As part of the overall SEC software readiness initiative, the repository is the first of three iterative efforts designed to build on one another. The second is a software preventive maintenance and readiness reporting capability, expected in fiscal year 2021. The third is automated tools to simplify and streamline the patching process in order to improve patch delivery to bandwidth-constrained operating environments. The tools are expected in fiscal year 2022.
The repository is available to Department of Defense users with a Common Access Card or SIPRNet token. The repository is located on NIPRNet at https://cecom.sw.csd.disa.mil and on SIPRNet at https://cecom.sw.csd.disa.smil.mil.